author | Erich Eckner <git@eckner.net> | 2019-09-02 10:31:30 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-09-02 12:03:10 +0200 |
commit | 4cb7f201a74ebd1709f544f79cdff6855f853e0d (patch) | |
tree | 62277205ef753c6894887f8fb4d5535afd9fb824 /website-run-through | |
parent | ae6cc296f850009ee4a088cf65ee971d6a501e55 (diff) | |
download | simple-pki-4cb7f201a74ebd1709f544f79cdff6855f853e0d.tar.xz |
useful defaults, no password on CAs
Diffstat (limited to 'website-run-through')
-rwxr-xr-x[-rw-r--r--] | website-run-through | 27 |
1 files changed, 19 insertions, 8 deletions
diff --git a/website-run-through b/website-run-through
index b4d2f42..0432ba1 100644..100755
--- a/website-run-through
+++ b/website-run-through
@@ -1,5 +1,7 @@
 #!/bin/bash

+rm -rf --one-file-system ca certs
+
 mkdir -p ca/root-ca/private ca/root-ca/db crl certs
 chmod 700 ca/root-ca/private

@@ -13,7 +15,7 @@ openssl req -new \
 -out ca/root-ca.csr \
 -keyout ca/root-ca/private/root-ca.key

-openssl ca -selfsign \
+openssl ca -batch -selfsign \
 -config etc/root-ca.conf \
 -in ca/root-ca.csr \
 -out ca/root-ca.crt \
@@ -32,24 +34,33 @@ openssl req -new \
 -out ca/signing-ca.csr \
 -keyout ca/signing-ca/private/signing-ca.key

-openssl ca \
+openssl ca -batch \
 -config etc/root-ca.conf \
 -in ca/signing-ca.csr \
 -out ca/signing-ca.crt \
 -extensions signing_ca_ext

-SAN=DNS:www.simple.org \
+SAN=DNS:test.local \
+CN=test.local \
 openssl req -new \
 -config etc/server.conf \
- -out certs/simple.org.csr \
- -keyout certs/simple.org.key
+ -out /tmp/nginx.csr \
+ -keyout /tmp/nginx.key

-openssl ca \
+openssl ca -batch \
 -config etc/signing-ca.conf \
- -in certs/simple.org.csr \
- -out certs/simple.org.crt \
+ -in /tmp/nginx.csr \
+ -out /tmp/nginx.crt \
 -extensions server_ext

+cat /tmp/nginx.crt ca/signing-ca.crt ca/root-ca.crt > /tmp/nginx.chain
+
+sudo systemctl restart nginx
+
+curl -Ss https://test.local --cacert ca/root-ca.crt
+
+exit 0
+
 openssl ca \
 -config etc/signing-ca.conf \
 -revoke ca/signing-ca/01.pem \ |
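Review bot: The added `rm -rf --one-file-system ca certs` at the top of the script resolves `ca` and `certs` against whatever directory the caller is in, so running it from the wrong place deletes an unrelated CA tree, private keys and issuance database included. Anchoring the script first, e.g. `cd "$(dirname "$0")" || exit 1`, would confine the delete to the checkout. The visible lines set no `set -e`, so a failed cleanup or `mkdir` does not stop the later signing steps; `set -eu` after the shebang would. `crl` is created by the following `mkdir` but not removed here, so anything left in it from a previous run survives the reset.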
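Review bot: `-batch` on the root self-sign removes the prompt where the operator confirms the subject and extensions before the certificate is issued, and the same flag is added to both `openssl ca` calls in the next hunk. Together with the commit title's "no password on CAs" (the configuration change itself is not in this diff, so this is inferred), the CA keys would be usable by anything that can read the `private` directories. The script should say so in a header comment, e.g. `# Throwaway test CA: keys are unencrypted and signing is non-interactive; never reuse it outside this run-through.`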
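Review bot: The server key now lands at the fixed path `/tmp/nginx.key`, in a world-writable directory, where its mode depends on the caller's umask and the OpenSSL version, and where a file or symlink of that name created beforehand by another local user would be written through; the same holds for the `>` redirect into `/tmp/nginx.chain`. Setting `umask 077` before `openssl req` and writing into a directory that only the operator and nginx can access would close that; the nginx configuration that consumes these paths is not in the diff, so the target directory has to match it. Separately, `sudo systemctl restart nginx` runs even if a signing step failed, and the unconditional `exit 0` hides a failed check; `curl -Ss https://test.local --cacert ca/root-ca.crt || exit 1` would propagate it.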